Servicing Internet Traffic

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Depending on the immediate task at hand, users in an organization that includes more than one site might want to access people or resources at the remote site, or they might want to access the Internet. You can use a demand-dial router to handle both types of traffic. If you do use the demand-dial router to enable users to access the Internet, you must decide whether you want users at a branch office to access the Internet through the main office or to access the Internet directly from the branch office.

For security, route branch office Internet traffic through the main office

If you deploy Microsoft® Internet Security and Acceleration (ISA) Server at the main office, and you want branch office Internet traffic to be protected by this system, configure branch office Internet traffic to go over the dial-up or VPN connection to the ISA server at the main office. ISA Server is an integrated firewall and Internet caching server that can also act as a VPN router to provide Internet access that is both secure and fast. For information about deploying ISA Server, see "Deploying ISA Server" in this book.

For performance, route branch office Internet traffic directly to the Internet

To give branch office users faster access to the Internet than is possible if the Internet traffic must travel to the main office and back, configure branch office Internet traffic to go directly out to the Internet through the demand-dial router. In addition, if you use an on-demand connection rather than a persistent connection, you must provide direct access to the Internet through the demand-dial router rather than over the link to the main office. Configuring client computers to allow users in the branch office to access the Internet directly through the demand-dial router is known as split tunneling.

For information about handling each alternative, see "Configure Internet Access Through the Calling Router" later in this chapter.